PingFederate 11.1.1 (July 2022) - PingFederate - 11.2

PingFederate Server

bundle
pingfederate-112
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 11.2
category
Administrator
Administratorguide
Audience
Capability
ContentType
DeploymentMethod
Guide
Product
Productdocumentation
SingleSignonSSO
Software
SystemAdministrator
pf-112
pingfederate
ContentType_ce
Product documentation
Guide
Guide > Administrator Guide

Enhancements and resolved issues in PingFederate 11.1.1.

Administrative API enhancement

Info

Improved the administrative API to manage the System for Cross-domain Identity Management (SCIM) inbound provisioning settings in identity provider (IdP) connections.

Message customization enhancement

Info

Enhanced PingFederate message customization by adding the following FedHub-specific context variables:

  • FedHubSpConnApplicationName
  • FedHubSpConnName
  • FedHubOAuthClientId
  • FedHubOAuthClientName

Cluster management enhancement

Info

Revised the Cluster Management window to make it more obvious when changes to the configuration on the administrative node have not been replicated to the engine nodes.

Security around password expiration

PingDirectory
FixedPF-29706

Improved the security around password expiration when using PingDirectory as a user store.

Issuance criteria in authentication policy contracts

FixedPF-31485

Issuance criteria in authentication policy contracts no longer cause the logs to indicate invalid XML errors. This issue did not cause runtime errors.

HTTP header for client IP addresses

FixedPF-31735

Resolved an issue that sometimes occurred when IPV6 addresses were specified in the HTTP Header for Client IP Addresses field on the Incoming Proxy Settings window.

Error descriptions

FixedPF-31753

PingFederate error descriptions no longer disclose details of java classes.

MasterKeyEncryptor failure during cluster replication

FixedPF-31795

When PingFederate is using a custom MasterKeyEncryptor that relies on an SSL call to an external service, cluster replication no longer causes cascading failures because PingFederate is unable to open Java key store files.

Updating the client secret with the OAuth client management service

FixedPF-31851

When updating the client secret with the OAuth client management service, PingFederate now correctly creates the secondary secrets.

OAuth authorization requests with response_mode=pi.flow

FixedPF-31942

Now when PingFederate receives an OAuth authorization request with response_mode=pi.flow, password change and account recovery flows using an authentication policy work correctly.